GO-2025-4266 — Vulnetix

GO-2025-4266 PUBLISHED

Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

Affected Products

Vendor	Product	Versions
code.gitea.io	gitea	0, 0

Timeline

Dec 30, 2025 CVE Published
Mar 3, 2026 CVE Updated
May 1, 2026 Security Advisory

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›